crossdomain.xml request begins with appended GET URL Data

Question

I've created a flash site with a simple hit to a server to pull down search data. The server is a client server, located on another domain, so I created a crossdomain.xml to load at their root.

I kept getting sandbox security errors, so I ran Charles and found that my code is requesting a crossdomain.xml after the urlVariables.

For example. I call

http://searchStuff.com/search?master_device_id=5606&q=email&do=simulator_sayt

And my program looks for the crossdomain.xml here:

http://searchStuff.com/search?master_device_id=5606&q=email&do=simulator_sayt/crossdomain.xml

I've tried using Security.loadPolicyFile, but this doesn't work until it hits the crossdomain.xml at the root (which it is clearly looking for in the wrong place).

I've tried using POST and GET methods, setting the URLRequest.data method and just appending the variables as a string to the original URL. The same problem keeps occurring.

Any insight on what might cause this?

If you put crossdomain.xml at the root and then browse to http://searchStuff.com/crossdomain.xml, does it read the file? My first guess is that your server is doing a rewrite w/o your knowledge. — mpdonadio, Mar 01 '11 at 21:21

score 0 · Answer 1 · answered Mar 01 '11 at 14:48

0

You could specify an absolute path in your source:

flash.system.Security.loadPolicyFile("{http://domain.com/crossdomain.xml}");

answered Mar 01 '11 at 14:48

jpea

3,114
3
26
26

Thanks for the reply! I placed this in my code and gave it a try. Unfortunately, Security.loadPolicyFile can only execute _after_ the crossdomain.xml has been loaded from the root of the server. And my program is mistaken about where the root of the server is. – Andrew Zimmer Mar 01 '11 at 15:00
Not sure I understand - why can't you load the policy file when you init your swf right at the beginning? – jpea Mar 01 '11 at 15:07
Flash requires a user to load the policy file from the root first. The reason is so the permitted-cross-domain-policies tag can be read, because you can specify to only allow the master xml. Of course in my case, flash is misunderstanding where the root is, which means it can never load it, and Security.loadPolicyFile simply doesn't execute. – Andrew Zimmer Mar 01 '11 at 15:13

score 0 · Answer 2 · answered Mar 03 '11 at 14:21

Well, I figured it out. It turns out you have to have the "/" before the "?",

ie: The url I was using looked like this:

http://searchStuff.com/search?master_device_id=5606&q=email&do=simulator_sayt

but it needed to look like this

http://searchStuff.com/search/?master_device_id=5606&q=email&do=simulator_sayt

That fixed the problem.

crossdomain.xml request begins with appended GET URL Data

2 Answers2